enterprise-support team mailing list archive

Thread
Date

[Bug 1802630] [NEW] apache ssl auth failed in renegotiation

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: laurentl <1802630@xxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Nov 2018 09:43:50 -0000
Reply-to: Bug 1802630 <1802630@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

since i upgrade to ubuntu cosmic, so from apache2 2.4.29 to 2.4.34 and
openssl from 1.1.0 to 1.1.1, my ssl auth failed with the following
error:

[Sat Nov 10 09:32:00.442814 2018] [ssl:error] [pid 17784:tid 139825168492288] [client 192.168.0.9:44610] AH02261: Re-negotiation handshake failed
[Sat Nov 10 09:32:00.442877 2018] [ssl:error] [pid 17784:tid 139825168492288] SSL Library Error: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

my ssl auth config:

    # client ssl authentication
    SSLCACertificateFile /etc/pki/certs/ca.crt
    SSLCARevocationFile /etc/pki/crl/crl.pem
    SSLCARevocationCheck chain
    SSLOCSPEnable on
    <Location "/">
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLRequireSSL

        # client certificate must have the following informations
        Require expr ( \
                (%{SSL_CLIENT_S_DN_O} == "XXX") && \
                (%{SSL_CLIENT_S_DN_OU} == "XXX") \
                )
    </Location>

my certificate are valid and verified with openssl verify and this
configuration works well before the upgrade.

ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: apache2 2.4.34-1ubuntu2
ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12
Uname: Linux 4.18.0-10-generic x86_64
Apache2ConfdDirListing: False
Apache2Modules:
 Error: command ['pkexec', '/usr/sbin/apachectl', '-D DUMP_MODULES'] failed with exit code 127: polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
 Error executing command as another user: Not authorized
 
 This incident has been reported.
ApportVersion: 2.20.10-0ubuntu13
Architecture: amd64
Date: Sat Nov 10 10:37:50 2018
SourcePackage: apache2
UpgradeStatus: Upgraded to cosmic on 2018-11-09 (1 days ago)
modified.conffile..etc.apache2.conf-available.security.conf: [modified]
modified.conffile..etc.apache2.mods-available.mpm_event.conf: [modified]
modified.conffile..etc.apache2.ports.conf: [modified]
modified.conffile..etc.apache2.sites-available.000-default.conf: [modified]
modified.conffile..etc.apache2.sites-available.default-ssl.conf: [deleted]
modified.conffile..etc.logrotate.d.apache2: [modified]
mtime.conffile..etc.apache2.conf-available.security.conf: 2018-09-25T12:29:03.792447
mtime.conffile..etc.apache2.mods-available.mpm_event.conf: 2018-09-25T12:29:03.884447
mtime.conffile..etc.apache2.ports.conf: 2018-09-30T09:02:08.013554
mtime.conffile..etc.apache2.sites-available.000-default.conf: 2018-10-26T16:34:45.022263
mtime.conffile..etc.logrotate.d.apache2: 2018-09-25T12:29:04.252447

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1802630

Title:
  apache ssl auth failed in renegotiation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1802630/+subscriptions

Follow ups

[Bug 1802630] Re: apache ssl auth failed in renegotiation
From: Launchpad Bug Tracker, 2019-01-20